365NEWSX
365NEWSX
Subscribe

Welcome

Massive Twitter data breach was far worse than reported, reveal security researchers - 9to5Mac

Massive Twitter data breach was far worse than reported, reveal security researchers - 9to5Mac

Massive Twitter data breach was far worse than reported, reveal security researchers - 9to5Mac
Nov 25, 2022 1 min, 19 secs

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported.

We’ve been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.

HackerOne first reported the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID.

A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.

Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts.

A verified Twitter vulnerability from January has been exploited by a threat actor to gain account data allegedly from 5.4 million users.

There were suggestions on Twitter yesterday that the same personal data had been accessed by multiple bad actors, not just one.

I have obtained multiple files, one per phone number country code, containing the phone number <-> Twitter account name pairing for entire country’s telephone number space from +XX 0000 to +XX 9999.

Any twitter account which had the Discoverability | Phone option enabled in late 2021 was listed in the dataset.

Bad actors are believed to have been able to download around 500k records per hour, and the data has been offered for sale by multiple sources on the dark web for around $5k.

The email-twitter pairings were derived by running existing large databases of 100M+ email addresses through this Twitter discoverability vulnerability.

Summarized by 365NEWSX ROBOTS

RECENT NEWS

SUBSCRIBE

Get monthly updates and free resources.

CONNECT WITH US

© Copyright 2024 365NEWSX - All RIGHTS RESERVED